Hi👋🏼 I'm HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 80 of 86

[WEB HACKING] URL Redirection & URL Forwards Bypass Techniques (Bypass Redirection Filtering)

  • 2 min read

This vulnerability(?) and attack method, also called URL Redirection or URL Forwarding, is an attack whose goal is to send the user to a page they did not intend to visit.


Removing Body Tag Margins with CSS

  • ~1 min read

While redesigning the blog pages, a margin kept appearing, so I went through the CSS piece by piece looking for something I had applied incorrectly, but the answer was close at hand. When margins appear in HTML, they can be fixed simply with CSS or HTML attributes. Below is the part I applied to the code this time; I reduced the left and right margins using leftmargin and rightmargin.


[CODING] HTML/CSS Applying a Text Border (Apply text border) / text-shadow

  • ~1 min read

This is a simple way to add a border to text on the web. In CSS, you can add a shadow with text-shadow and set the shadow color so that it looks like a border.


[EXPLOIT] OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793) Vulnerability Analysis

  • 2 min read

Recently there was one more story about an SSL-related vulnerability. As of 11/5 the corresponding code was posted on EDB, so I wrote this up while looking at it and analyzing it.


[METASPLOIT] Making a Metasploit Custom Scanner (Make Simple Scan Module)

  • 1 min read

While rummaging around offensive-security for something to read, I came across some simple Scan Module code in Metasploit Unleashed. Of course, msf itself is built in Ruby, so those who use Ruby can write one easily, but having sample code is very useful for extending it into other code, so I am posting it separately.


[METASPLOIT] Generating a Payload with the generate Command in Metasploit (generate shellcode on metasploit)

  • 2 min read

msf has a feature that can present the shell used in an attack in code form: the generate command. It is a handy feature that lets you view the shellcode directly, copy it, and use it.


[HACKING] Installing BDF (BackDoor-Factory) and Patching a Backdoor into an exe File (patch executable binaries with user desired shellcode)

  • 3 min read

What tool gets installed first after a successful attack? I tend to think that installing a backdoor using a dropper probably comes first.
